<?php
// +----------------------------------------------------------------------
// | YBlog
// +----------------------------------------------------------------------
// | Copyright (c) 2008 http://www.yhustc.com All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Author: yhustc <yhustc@gmail.com>
// +----------------------------------------------------------------------
// $Id$

/**
 +------------------------------------------------------------------------------
 * YBlog日志评论模块
 +------------------------------------------------------------------------------
 * @author    yhustc <yhustc@gmail.com>
 * @version   $Id$
 +------------------------------------------------------------------------------
 */


class CommentAction extends BaseAction
{
	/**
     +----------------------------------------------------------
     * 发表评论
     +----------------------------------------------------------
     * @access public 
     +----------------------------------------------------------
     */
	function post()
	{
		$postDao = D("Posts");
		$postID = $_POST["comment_post_ID"];
		$postInfo = $postDao->field("comment_status")->where("`ID`='".$postID."'")->find();
		
		//先看看是否可以发表评论
		//在这里做一次检测是必要的，虽然页面上可能没有评论框了
		//但是用户可以通过其它方面把内容POST到服务器上
		if($this->options["default_comment_status"]!="open" || $postInfo["comment_status"]!="open")
			$this->error("评论功能已关闭");
		
		if(md5($_POST["verify"])!=$_SESSION["verify"])
			$this->error("验证码不正确");
		
		//验证码清除,防止反复提交
		$_SESSION["verify"] = time()+rand();

		$commentDao = D("Comments");
		$vo = $commentDao->create();
		if(!$vo)
			$this->error($commentDao->getError());

		$comment_ID = $commentDao->add();
		if($comment_ID)
		{
			$postDao->setInc("comment_count","`ID`='".$postID."'");
			//是否需要发邮件通知
			if($this->options["comments_notify"] == "1" && !strstr(get_cfg_var('disable_functions'),'fsockopen'))
			{
				import("@.ORG.Mail");
				$mail = new Mail();
				$mail->sendmail(substr($this->options["admin_email"],0,strpos($this->options["admin_email"],"@")).' <'.$this->options["admin_email"].'>',$this->options["blogname"],$vo["comment_author"].": ".$vo["comment_content"]);
			}
			
			//评论是否需要经过审核
			if($this->options["comment_moderation"]=="open")
				$this->error("评论发表成功<br />管理员审核之后才能在页面上显示");
			else
			{
				S("commentList",null); //将最新评论widget使用的缓存清空
				
				if($this->isAjax())
					$this->ajaxReturn($comment_ID,"发表评论成功",1);
				else
				{
					$this->assign("jumpUrl",url($postID,"Blog")."#comment-".$comment_ID);
					$this->success("发表评论成功");				
				}
			}
		}
		else
			$this->error("发表评论失败");
	}
	
	/**
     +----------------------------------------------------------
     * 接收引用通告(trackback)
     +----------------------------------------------------------
     * @access public 
     +----------------------------------------------------------
     */
	function trackback()
	{
		$postDao = D("Posts");
		$postID = $_GET["ID"];	
		$postInfo = $postDao->field("ping_status")->where("`ID`='".$postID."'")->find();
		
		//先看看是否可以使用引用通告
		//在这里做一次检测是必要的，虽然页面上可能没有引用通告相关的链接
		$error = 1;
		if($this->options["default_ping_status"]=="open" && $postInfo["ping_status"]=="open")
		{	
			//引用通告与评论有些东西不一样,这里自己组装数据,不使用CommentModel的create
			$data = array("comment_post_ID"=>$postID,"comment_author"=>safeEncoding($_POST["title"]." | ".$_POST["blog_name"]),"comment_author_url"=>$_POST["url"],"comment_author_IP"=>get_client_ip(),"comment_date"=>date("Y-m-d H:i:s"),"comment_content"=>safeEncoding($_POST["excerpt"]),"comment_approved"=>"1","comment_type"=>"trackback");
			
			$commentDao = D("Comments");
			$comment_ID = $commentDao->add($data);
	
			if($comment_ID)
			{
				$postDao->setInc("comment_count","`ID`='".$postID."'");
				$error = 0;
			}
		}
		
		die('<?xml version="1.0" encoding="iso-8859-1"?><response><error>'.$error.'</error></response>');
	}
}
?>